
GNU C Library master sources branch master updated. glibc-2.21-112-g6909d27


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  6909d2767580b680138a6aa49aabf4976770e9f6 (commit)
      from  65f6f938cd562a614a68e15d0581a34b177ec29d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6909d2767580b680138a6aa49aabf4976770e9f6

commit 6909d2767580b680138a6aa49aabf4976770e9f6
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date:   Tue Feb 24 08:05:34 2015 -0800

    Fix BZ #17916 - fopen unbounded stack usage for ccs= modes

diff --git a/ChangeLog b/ChangeLog
index 59a1571..c306867 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-02-24  Paul Pluzhnikov  <ppluzhnikov@google.com>
+
+	[BZ #17916]
+	* libio/fileops.c (_IO_new_file_fopen): Limit stack use
+	* libio/tst-fopenloc.c (do_test, do_bz17916): Add a large ccs= test
+
 2015-02-24  Eric Rannaud  <e@nanocritical.com>
 
 	[BZ #17523]
diff --git a/NEWS b/NEWS
index bd95e74..3f005fe 100644
--- a/NEWS
+++ b/NEWS
@@ -10,8 +10,8 @@ Version 2.22
 * The following bugs are resolved with this release:
 
   4719, 14841, 13064, 14094, 15319, 15467, 15790, 16560, 17269, 17523,
-  17569, 17588, 17792, 17836, 17912, 17932, 17944, 17949, 17964, 17965,
-  17967, 17969, 17978, 17987, 17991, 17996, 17998, 17999.
+  17569, 17588, 17792, 17836, 17912, 17916, 17932, 17944, 17949, 17964,
+  17965, 17967, 17969, 17978, 17987, 17991, 17996, 17998, 17999.
 
 * Character encoding and ctype tables were updated to Unicode 7.0.0, using
   new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red
diff --git a/libio/fileops.c b/libio/fileops.c
index 297b478..2427320 100644
--- a/libio/fileops.c
+++ b/libio/fileops.c
@@ -353,7 +353,15 @@ _IO_new_file_fopen (_IO_FILE *fp, const char *filename, const char *mode,
 	  struct gconv_fcts fcts;
 	  struct _IO_codecvt *cc;
 	  char *endp = __strchrnul (cs + 5, ',');
-	  char ccs[endp - (cs + 5) + 3];
+	  char *ccs = malloc (endp - (cs + 5) + 3);
+
+	  if (ccs == NULL)
+	    {
+	      int malloc_err = errno;  /* Whatever malloc failed with.  */
+	      (void) _IO_file_close_it (fp);
+	      __set_errno (malloc_err);
+	      return NULL;
+	    }
 
 	  *((char *) __mempcpy (ccs, cs + 5, endp - (cs + 5))) = '\0';
 	  strip (ccs, ccs);
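Review bot: The `+ 3` in `malloc (endp - (cs + 5) + 3)` is unexplained, and with the buffer now on the heap an undersized value would become a heap overflow instead of a stack one. The slack presumably covers whatever `strip (ccs, ccs)` appends plus the terminating NUL, but strip is not visible in this hunk, so that should be confirmed and recorded in a comment such as `/* charset name + bytes strip may append + NUL */`. Naming the length once, `size_t ccs_len = endp - (cs + 5);`, and using it for both the malloc and the `__mempcpy` call would keep the two from drifting apart. The enclosing block of _IO_new_file_fopen starts and ends outside the hunk.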
@@ -365,10 +373,13 @@ _IO_new_file_fopen (_IO_FILE *fp, const char *filename, const char *mode,
 		 This means we cannot proceed since the user explicitly asked
 		 for these.  */
 	      (void) _IO_file_close_it (fp);
+	      free (ccs);
 	      __set_errno (EINVAL);
 	      return NULL;
 	    }
 
+	  free (ccs);
+
 	  assert (fcts.towc_nsteps == 1);
 	  assert (fcts.tomb_nsteps == 1);
 
diff --git a/libio/tst-fopenloc.c b/libio/tst-fopenloc.c
index 1336023..48c2d3b 100644
--- a/libio/tst-fopenloc.c
+++ b/libio/tst-fopenloc.c
@@ -24,10 +24,36 @@
 #include <stdlib.h>
 #include <string.h>
 #include <wchar.h>
+#include <sys/resource.h>
 
 
 static const char inputfile[] = "../iconvdata/testdata/ISO-8859-1";
 
+static
+int do_bz17916 (void)
+{
+  /* BZ #17916 -- check invalid large ccs= case.  */
+  struct rlimit rl;
+  getrlimit (RLIMIT_STACK, &rl);
+  rl.rlim_cur = 1024 * 1024;
+  setrlimit (RLIMIT_STACK, &rl);
+
+  const size_t sz = 2 * 1024 * 1024;
+  char *ccs = malloc (sz);
+  strcpy (ccs, "r,ccs=");
+  memset (ccs + 6, 'A', sz - 6 - 1);
+  ccs[sz - 1] = '\0';
+
+  FILE *fp = fopen (inputfile, ccs);
+  if (fp != NULL)
+    {
+      printf ("unxpected success\n");
+      return 1;
+    }
+  free (ccs);
+
+  return 0;
+}
 
 static int
 do_test (void)
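Review bot: do_bz17916 ignores the return values of getrlimit and setrlimit, so if the stack limit is not actually lowered the test can pass without guarding against a return to the stack-allocated buffer. The result of `malloc (sz)` is also passed to strcpy unchecked, and on the "unxpected success" path (the message is misspelled) the function returns with ccs still allocated and fp still open. I would check all three calls, free ccs right after fopen, and close fp before reporting failure, as sketched below. Whether a failing setrlimit should fail the test or mark it unsupported is a policy choice for the test suite.

```c
  struct rlimit rl;
  if (getrlimit (RLIMIT_STACK, &rl) != 0)
    {
      printf ("getrlimit failed: %m\n");
      return 1;
    }
  rl.rlim_cur = 1024 * 1024;
  if (setrlimit (RLIMIT_STACK, &rl) != 0)
    {
      printf ("setrlimit failed: %m\n");
      return 1;
    }

  const size_t sz = 2 * 1024 * 1024;
  char *ccs = malloc (sz);
  if (ccs == NULL)
    {
      printf ("malloc failed: %m\n");
      return 1;
    }
  /* … unchanged: fill ccs with "r,ccs=" followed by 'A's and a NUL … */

  FILE *fp = fopen (inputfile, ccs);
  free (ccs);
  if (fp != NULL)
    {
      printf ("unexpected success\n");
      fclose (fp);
      return 1;
    }
```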
@@ -57,7 +83,7 @@ do_test (void)
 
   fclose (fp);
 
-  return 0;
+  return do_bz17916 ();
 }
 
 #define TEST_FUNCTION do_test ()

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog            |    6 ++++++
 NEWS                 |    4 ++--
 libio/fileops.c      |   13 ++++++++++++-
 libio/tst-fopenloc.c |   28 +++++++++++++++++++++++++++-
 4 files changed, 47 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

